Regular Expression Matching for Reconfigurable Constraint Repetition Inspection
14
1 Regular Expression Matching for Reconfigurable Constraint Repetition Inspection Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C. Authors : Miad Faezipour and Mehrdad Nourani Publisher : IEEE GLOBECOM 2008 Present : Chen- Rong Chang Date : May, 06, 2009
description
Regular Expression Matching for Reconfigurable Constraint Repetition Inspection. Authors : Miad Faezipour and Mehrdad Nourani Publisher : IEEE GLOBECOM 2008 Present : Chen- Rong Chang Date : May , 06, 2009. Department of Computer Science and Information Engineering - PowerPoint PPT Presentation
Transcript of Regular Expression Matching for Reconfigurable Constraint Repetition Inspection
1
Regular Expression Matching for Reconfigurable Constraint Repetition Inspection
Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.
Authors : Miad Faezipour and Mehrdad Nourani
Publisher : IEEE GLOBECOM 2008
Present : Chen- Rong Chang
Date : May, 06, 2009
Outline
Introduction Counting Meta-Character Design
Sub-RegExp Unit Counter Reset Unit Counter Sub-Circuit for At least Block
Optimizations For Area Reduction Alternate Meta-character
Experimental Results
2
Introduction
The conventional approach to deal with constraint repetitions is to unroll the pattern into the number of repetitions required.
However, constraint repetitions of nearly one thousand repetitions or more have been seen across SNORT IDS rules.
This can easily consume a huge portion of hardware resources, and is clearly inefficient.
3
Counting Meta-Character Design(1/8)
4
Counting Meta-Character Design(2/8)
Regex : (abc){2}
5
Counting Meta-Character Design(3/8)
6
Sub-RegExp Unit(4/8)
A sub-regular expression having fixed or variable length characters, or even strings containing meta-characters.
Whenever the sub-RegExp is detected, the inc signal becomes high, which in turn, increments the counter.
7
Counter Reset Unit(5/8) If the input stream contains any character other than the
ones in the sub-RegExp, or includes the sub-RegExp characters, but messes the consecutive property that the sub-RegExp count demands, the counter should reset.
8
Counter(6/9) q : count value. rst : used for power on initialization. rst_cnt : resets the counter whenever the reset sub-
circuit becomes active. n, m : as inputs to determine the range of the count when
needed. g : is an input that indicates whether the constraint repetition
is of the At least type or not. o : is the final output of the design, which indicates when the
sub-RegExp containing the counting meta-character has been detected.
9
Sub-Circuit for At least Block(7/8)
“(sub-RegExp){n,}” => “(sub-RegExp){n}(sub-RegExp)*”
10
Counting Meta-Character Design(8/8)
In summary, the parameters in our counting mechanism can be classified as follows: Exactly n: (sub-RegExp){n}, where m = n and g = 0. At Most n: (sub-RegExp){,n}, where n = 1, m > n and
g = 0. At Least n: (sub-RegExp){n,}, where m = n and g = 1. Between n and m: (sub-RegExp){n,m}, where m > n
and g = 0.
11
Optimizations For Area Reduction-Alternate Meta-character
12
Alternate Meta-character
Experimental Results(1/2)
13
Experimental Results(2/2)
STATISTICS ON SNORT IDS RULES
14
